partial_accumen,

At the end of the day, some of us in IT security want to do the right things based in common sense but we get stymied by management decisions and precedence. Hell, I’ve brought NIST 800-63B documentation with me to check every reason why they wouldn’t budge. It’s just ingrained in them - meanwhile you look at the number of tickets for password help and password sharing violations that get reported …

Paint the picture for management:

At one time surgery was the purview of medieval barbers. Yes, the same barbers that cut your hair. At the time there were procedures to intentionally cause people to bleed excessively and cutting holes the body to let the one of the “4 humors” out to make the patient well again. All of this humanity arrived at with tens of thousands of years of existence on Earth. Today we look at this as uninformed and barbaric. Yet we’re doing the IT Security equivalent of those medieval barber still today. We’re bleeding our users unnecessarily with complex frequent password rotation and other bad methods because that’s what was the standard at one time. What’s the modern medicine version of IT Security? NIST 800-63B is a good start. I’m happy to explain whats in there. Now, do we want to keep harming our users and wasting the company’s money on poor efficiency or do we want to embrace the lesson learned from that bad past?

  • All
  • Subscribed
  • Moderated
  • Favorites
  • asklemmy@lemmy.world
  • localhost
  • All magazines
  • 200 @ entry_comment_voters
    HTTP status 200 OK
    Route name entry_comment_voters
    Has session yes
    Stateless Check no
    Time 1937 ms
    Total time 1937 ms
    Initialization time 435 ms
    Memory 12.0 MiB
    Peak memory usage 12.0 MiB
    PHP memory limit 128 MiB
    Logger 87
    Errors 0
    Warnings 0
    Deprecations 87
    Cache 43 in 728.65 ms
    Cache Calls 43
    Total time 728.65 ms
    Cache hits 39 / 52 (75%)
    Cache writes 8
    2
    Default locale en
    Missing messages 2
    Fallback messages 0
    Defined messages 119
    Security n/a
    Authenticated No
    Firewall name main
    Twig 978 ms
    Render Time 978 ms
    Template Calls 80
    Block Calls 16
    Macro Calls 6
    53 in 767 ms
    settings_row_switch 15
    user_avatar 13
    user_settings_row_switch 4
    date 3
    user_inline 2
    settings_row_enum 2
    entry_comment 1
    date_edited 1
    vote 1
    boost 1
    user_actions 1
    magazine_box 1
    magazine_sub 1
    related_magazines 1
    active_users 1
    related_categories 1
    related_posts 1
    related_entries 1
    support_us_block 1
    featured_magazines 1
    13 in 474.57 ms
    Database Queries 13
    Different statements 13
    Query time 474.57 ms
    Invalid entities 0
    Cache hits 34
    Cache misses 2
    Cache puts 2
    6.4.0
    Profiler token 8e7896
    Environment dev
    Debug enabled
    PHP version 8.2.26   View phpinfo()
    PHP Extensions Xdebug ✗ APCu ✓ OPcache ✓
    PHP SAPI apache2handler